DETAILED ACTION
This office action is in response to the correspondence filed on 07/08/2019. Claims 1-20 are pending and are examined.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 14-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.  The claim(s) does/do not fall within at least one of the four categories of patent eligible subject matter because the term "computer program product" is directed to software per se, thus non-statutory.
	Examiner notes that “non-transitory” can be added to the term to make it one of the allowable statutory categories.


Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.

Claims 7-13 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA  the applicant regards as the invention. 
Regarding claims 7-13, specifically independent claim 7, “the module” was never recited before. There is insufficient antecedent basis for this limitation in the claim. Please clarify if it should read “the pre-routing network security module”.
In the same limitation, “the second virtualized container” was never recited before. There is insufficient antecedent basis for this limitation in the claim. Please clarify if it is the one of the virtualized containers executing the pre-routing network security module or a different one.
Appropriate correction is required.


Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the 

Claims 1-2, 5-6, 14-15, and 18-20 are rejected under 35 U.S.C. 103 as being unpatentable over Dinello et al. (US Pub No. 2005/0243789 A1, referred to as Dinello), in view of Singh (US Pub No. 2020/0099703 A1, referred to as Singh).
Regarding claims 1 and 14, taking claim 14 as exemplary, Dinello discloses,
14. A computer program product for pre-routing network security method for cloud computing, the computer program product including a computer readable storage medium having program instructions embodied therewith, the program instructions executable by a device to cause the device to perform a method including: (Dinello: [0011-0012].)
…before processing the stream of packets in the routing component, diverting the stream of packets to a packet inspector… (Singh: [0054-0055]; the network load balancers 540 of the security system may receive 705 the communication request 560. The communication request 565 may then be routed 715 to a computing device within the security sub system where it may perform intrusion protection processing.)
receiving in the routing component… only a fraction of packets of the diverted stream of packets; and, (Dinello: [0056-0058]; the computing device may then route the communication request, after discarding the ones that didn’t pass the intrusion protection processing (a fraction of packets), to the network load balancers 540.)
processing the fraction of packets in the routing component so as to route the fraction of packets to the destination network address. (Dinello: [0058]; the communication request 575 may then be routed to the network load balancers and normally through the open network 515 to the protected server host 525.)
Dinello does not explicitly disclose, however Singh teaches,
receiving in a routing component of a cloud computing environment comprising at least two different virtualized containers, a stream of packets targeting a destination network address; (Singh: Fig. 1A; [0027]; load balancer (routing component) in a container amongst other containers and it can receive packets.)
…a packet inspector executing in one of the different virtualized containers of the cloud computing environment; (Singh: Fig. 1A; [0027]; intrusion detection systems (packet inspector) in another container.)
It would have been obvious to one ordinary skill in the art before the effective filing date of the claimed invention to implement the teachings Singh of into the teachings of Dinello with a motivation to reduce network bandwidth because data packets do not need to be routed to a separate intrusion detection system residing on a separate computing node by using virtualized containers. This also reduces the costs associated with maintaining additional hardware to separately implement the intrusion detection system. (Singh: [0025]).
 

Regarding claims 2 and 15, taking claim 15 as exemplary, the combination of Dinello and Singh discloses,
15. The computer program product of claim 14, 
Singh discloses,
wherein the destination address is internal to another one of the virtualized containers, and (Singh: [0028]; destination container.) wherein the stream of packets is received from a data transmitting source external to the cloud computing environment. (Singh: Fig. 1A; [0026]; remote computers (external).)



Regarding claims 5 and 19, taking claim 19 as exemplary, the combination of Dinello and Singh discloses,
19. The computer program product of claim 14, 
Dinello discloses,
wherein the routing component is a load balancer for the cloud computing environment. (Dinello: [0052]; load balancer (routing component).)


Regarding claims 6 and 20, taking claim 20 as exemplary, the combination of Dinello and Singh discloses,
20. The computer program product of claim 17, 
Dinello discloses,
wherein the packet inspector identifies an attempt to transmit data to a restricted destination based upon the destination network address and, in response, drops the stream of packets without permitting a return of the stream of packets to the routing component. (Dinello: [0056]; the intrusion prevention module may determine whether the communication request is permitted based on whether or not it matches one of a plurality of intrusion prevention signatures (destination network address can be a signature). If the communication request matches an intrusion prevention signature, it can be discarded (drop).)

 
Regarding claim 18, the combination of Dinello and Singh discloses,
18. The computer program product of claim 14, 
Dinello discloses,
wherein the packet inspector performs intrusion detection upon the stream of packets. (Dinello: [0056]; the intrusion prevention module (packet inspector).)


Claims 3-4, and 16-17 are rejected under 35 U.S.C. 103 as being unpatentable over Dinello, in view of Singh, further in view of McClory et al. (US Pub No. 2018/0324204 A1, referred to as McClory).
Regarding claims 3 and 16, taking claim 16 as exemplary, the combination of Dinello and Singh discloses,
16. The computer program product of claim 14, 
Singh discloses,
wherein the destination address is external to the cloud computing environment, and (Singh: Fig. 1A; [0026]; destination computing nodes (external).)
The same motivation that was utilized for combining Dinello and Singh as set forth in claim 14 is equally applicable to claim 16.
Dinello does not explicitly disclose, however McClory teaches,
wherein the stream of packets is received from a data transmitting source internal to another one of the virtualized containers. (McClory : Fig. 2; [0023], [0036-0037]; load balancers can facilitate communication in the internal networks and external networks.)
It would have been obvious to one ordinary skill in the art before the effective filing date of the claimed invention to implement the teachings of McClory into the combination of Dinello and Singh with 


Regarding claims 4 and 17, taking claim 17 as exemplary, the combination of Dinello and Singh discloses,
17. The computer program product of claim 14, 
Dinello does not explicitly disclose, however McClory teaches,
wherein the destination address is internal to another one of the virtualized containers, and wherein the stream of packets is received from a data transmitting source internal to yet another one of the virtualized containers. (McClory : Fig. 2; [0023], [0036-0037]; load balancers can facilitate communication in the internal networks and external networks.)
The same motivation that was utilized for combining Dinello and Singh as set forth in claim 16 is equally applicable to claim 17.


Allowable Subject Matter
Claims 7-13 contain allowable subject matter but remain rejected under 112 rejections.
The following is an examiner’s statement of reasons for allowance: 
Although prior arts Dinello, Singh and McClory above disclose all the limitations of the prior claims (see rejections above), none of the prior arts of record alone or in combination discloses a routing component for the cloud computing environment comprising a configuration to process all received 
At the effective filing date of the application, the above limitations would not have been obvious over the prior arts of record. 

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. The listed references disclose relevant inventions of routing and inspecting network traffic.
Song; Qu Bo et al. (US 20190372937 A1) 
DROUX N G et al. (US 20080151893 A1) 
Please see PTO-892. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to KA SHAN CHOY whose telephone number is (571)272-1569.  The examiner can normally be reached on MON - FRI: 9AM-5:30PM EST Alternate Fridays.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joseph Hirl can be reached on (571) 272-3685.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.


/KA SHAN CHOY/Examiner, Art Unit 2435   

/JOSEPH P HIRL/Supervisory Patent Examiner, Art Unit 2435